Augusta, GA (WJBF) We look at ways to protect your personal information on this edition of The Means Report. Cyber expert Dr. Jeffrey Morris is our guest. He walks us through the many ways we can protect our passwords, our data and other information stored on our devices. Watch our interview and learn how to stay safe when you’re online. Be sure to join us for The Means Report Monday afternoons at 12:30 on WJBF NewsChannel 6.
We welcome back Dr. Jeffrey Morris from Augusta University School of Computer and Cyber Sciences. Dr. Morris, thanks for talking to us about cyber. It impacts all of us and thanks for coming back so soon. I really appreciate it.
Thank you for us coming back.
So speaking of cyber, a lot has happened since we last met regarding the city of Augusta and its IT network. It’s been hacked. The city has been a victim of a cyber crime, the mayor says. My question to you is, if a city the size of Augusta, Georgia can be vulnerable with its network, what hope is there for the rest of us?
Well, not knowing any of the details of what happened, there’s a lot of things that could have gone wrong. A lot of things that, again, there’s billions of websites, hundreds of millions of people every day on the internet doing things. So again, cyber criminals are out there, but they’re very much targeting what they’re looking for. So you and I, if we think about what we’re doing watch for the emails, don’t click on the link. We’re pretty good at keeping ourselves safe. We just have to be knowledgeable about what we’re doing.
Well and I do want to talk about safe practices when we’re surfing the web or when we’re checking our email. And I want to kind of do a recap of last week we hit this point but it’s well worth hitting again. And that’s passwords. What sort of recommendations can you give us about passwords and how to protect them. And Dr. Morris, how to remember them?
Well, it’s difficult, a password for every website, passwords at work. So the best advice I can give is use the password manager. There’s various programs, many of them are free that you can get and install on your computer. Most of them sync your computer to your tablet to your phone, and that way it remembers your passwords. It can generate strong, good passwords for you.
Let me interrupt you real quick just to, you know talk to me as if I’ve never seen a computer in my life because some folks aren’t as savvy as others. So I’m creating a password because I’ve just logged on to jcpenney.com and I’m buying a shirt. Where’s the password manager? Is that something I must go and navigate another site or another app store and get password manager that you just talked about?
Yes. If you search for password manager in any type of web search engine, you’ll get a list of the various companies that provide it.
How do we know they’re not stealing our passwords?
Well, the technology behind ’em, and again it’s a trust. Who do you trust to hold your data? And in this case, the typical model for these companies is when you create the password, in actuality, there’s a way of hiding it and your password gets encrypted and all they have is the encrypted data. Your master password, you’ll have one password allows you to get into the program which maybe you write down, keep it at home, if that’s okay. ‘Cause it’s the only one you never, you know, take it out. It’s just where you can have it so only you can see it. What I do is I make a very long one. One of the easiest ways they’re recommending today is think of your favorite song and think of about maybe the first four or five sentences in that song and just write it all together.
Wow. And that’s your password.
And that’s your password.
Okay, if you do have something that difficult, you know, like say it’s an entire six, seven verses of a song, it’s so hard. That’s so unhackable. Can you use that for all of your, can that be your only password?
That’s a terrible idea.
Yes it is, we all do it. We all reuse passwords. But that is a horrible, horrible idea because say you use the same password that’s very strong. No, you know what we call unhackable. And what happens if the website or the company that you have that password with, they get hacked. And if they have not done the strong encryption like the password manager companies do and you hear this all the time, your 40,000 accounts have been hacked. And depending upon how the company handles your data those passwords could then be read. And then on this thing that we call the dark web there are gigantic files that have millions and millions and tens of millions of passwords for sale and then they sell it to each other.
Okay? All right. Now that’s really eye-opening when it comes to passwords. Let’s talk about phishing. And these are emails when people reach out to you and are trying to steal your personal information. My question is how can you tell the legitimate ones from the fake ones? Are there some big warning signs, maybe misspellings and things like that, we can look for?
Well, that’s the thing that we always advise you to be careful of. Any email that you get regardless of the source, because maybe that trusted source has been hacked and you don’t know this. And so you look for misspellings, improper grammar, things that, one of the things is you gotta do this right now. If you don’t do this right now, you’re gonna get in trouble. If a company really is reaching out to you or the US government, and wants you right now for you to do something, they’re gonna call you, they’re gonna send you a registered letter. They’re not gonna send you an email out of the blue saying you must do this. You must send money, you must do this or you’re gonna get in trouble. That’s not how it works. So those are almost always cyber criminals trying to scare you into making a decision that benefits them and they’re using time and pressure and a threat against you.
Boy, that’s great advice as well. And I saw a website the other day. It, I thought, was from a familiar source, but I studied it and saw a misspelling and thought, okay, this is not legit. And it wasn’t, I didn’t click on it. Let’s hit some high points of life on the web. When you see that lock in the address window, you know, does that guarantee that everything you’re doing is secure? I always just look for that lock.
Well, the lock indicates that your web browser and the site that you’re talking to have an encrypted channel. That’s what that means. So does not necessarily mean that what’s happening at the website that you’re going to has not been hacked itself. Sometimes these type of attacks are very, very quiet. The criminals get in, they make changes to a well used website, and then you come in, you get the locks and you’re doing all the right things but, unknown to you, you’re being fed bad stuff.
What about when you get an alert that says it’s time for a software update or some sort of security update. Do you recommend always installing those? Because sometimes I’m concerned that, all right this is the 50th thing Apple has sent me this year. This is gonna be the one that kills my iPhone battery if I download it. What are your thoughts?
One of the best things you can do to protect yourself is to keep all of your software updated. Microsoft every month on second Tuesday of the month pushes out patches to Microsoft Windows and Microsoft Office products. Other companies have started doing that at the same time. Criminals today are starting to target all of the other programs that are on your computer not the operating system. So sure, you’ve updated your Microsoft Windows no problem. But you’ve got a program that you installed or maybe came with your computer when you bought it that hasn’t had an update in four or five years.
I thought when you did a software update it went out to every single thing on your phone or computer and updated everything.
For smaller devices like your tablets and your phones when they do an update, most of the programs are updated. It’s just the way the ecosystem for those devices work. But for computers, it’s not. All you’re doing when you get that Microsoft update notice is you’re only updating Microsoft stuff, not all the other programs. You have to, my advice is, if you’re not using a program, take it off your computer.
Do you like pop-ups? Because I blocked pop-ups one time and then half the places I go to pay my bills didn’t work anymore because they use pop-ups in a good way. And I hope I’m saying this right. Do you like those pop-ups?
Pop-ups can be dangerous. That is one of, it’s an older style of attack. You’re on the website, suddenly a web, you know, pop-up comes up saying, hey, we found a virus, click here to know those are bad.
So go ahead. I didn’t let you finish.
But for legitimate websites using popups is a way of actually doing things properly. So you just really have to evaluate, am I in a website that I’m doing business with? I know it real well. Popup comes up, probably a good thing. If I’m just surfing the web, some other, you know, non-financial based type of webpage, and you get a popup, I’d be very suspicious about that.
And you can allow and un-allow, block and unblock popups as you go, right?
That is true. You can, most modern web browsers will allow you to pick and choose which ones you allow popups and which ones you turn them off.
Last question, and I suspect your answer might be similar to your phishing answer, but what is social engineering? My lay understanding of it is that it’s when someone you know, or it appears that you’re getting correspondence from someone you know, but it’s really a bad guy.
Well, social engineering covers a lot of different attacks, but basically it is a criminal trying to convince you to trust them. However that happens. Whether they pretend to be the government, your friend, a service that you use, they are trying to get inside your head and make you think to trust them. So then as it follows along, they’ll be, excuse me, invariably asking you for money.
Yeah, no, that makes sense.
So yeah, social engineering is an attack on the human, not the computer technology.
Well, our 12 minutes has flown by yet again but I hope that people, as I have, will walk away with a ton of information from you and be careful out there when they’re on the information superhighway. Dr. Jeffrey Morris, thanks again for your time.
All right, thank you for having me back.